Articles | Journal Home | Home
Information Systems Audit and Control Association
Surfacing the Career Development Issues of IS Auditors:
The Myths and
the Reality
by Siew Kien Sia*
With the continuous applications of advanced IT in business information systems, the future seems bright with promising career paths for IS auditors. However, inadequate research has been done to substantiate these claims or to explore career development in this relatively young profession. Unlike other mainstream disciplines, the IS auditing profession is a unique cross-breed between IT and audit, and has unique career development issues.
Dunmore (1989), for example, has speculated that the lack of career path for IS auditors is the cause of high turnover. Based on a survey of 75 ISACA members, this report hopes to provide preliminary insights into the subject. The information provided should be useful in formulating strategies for recruiting, developing and retaining competent IS auditors.
Methodology
The survey was mailed to all 345 members of the ISACA Singapore Chapter in December 1998. A total of 75 responses were received, representing a response rate of 21 percent. After removing specific categories of responses (e.g., those CISAs who have left the profession), the remaining 52 responses formed the basis of the findings. Detailed questions are listed in Exhibit I (responses are on a seven-point Likert scale).
In addition, a focus group discussion was conducted for a richer understanding of the career management problems. Nine participants including IS audit managers in civil service, financial institutions and IT services provided their valuable input.
Profile of IS Auditors
Table I shows the demographic profile the IS auditors who responded to this survey. The male-female distribution of the 52 respondents is almost equal. Most of them are between 26-35 years old. Nearly 65 percent have CISA qualifications and most work in public accounting, civil service or for financial institutions. Sixty-six percent of them have at least four - six years of working experience in IS auditing.
Table I: Demographics of Respondents Included in the Study
| Demographic Characteristic | Percentage of total | |
| A. B. C. D. E. F. G. |
Sex Male Female Age Under 26 26 - 30 31 - 35 36 - 40 41 - 45 Over 50 Educational Background No degree/ Diploma Degree in Accountancy/Business Degree in Computer Science/ Engineering Double Degrees Other Degrees Professional Qualifications No CPA or CISA CPA CISA Both CPA and CISA Type of Auditors Systems auditors Application Auditors Both Others IT audits General auditors (with some IT emphasis) Type of Organisation (By industry type) Manufacturing Civil Service / Statutory Board Banking, Finance and Insurance Public Accounting and Consultancy Others Number of years in IS auditing 0 - 3 years 4 - 6 years 7 - 9 years 10 - 12 years 13 - 15 years More than 15 years |
|
Facets Driving IS Auditors Careers
In a recent study, Lucy (1999) has noted the tendency of IS auditors to turn away from the IS auditing profession into professions such as IT, auditing or accounting, "..although only 6 percent come to IS audit from MIS, 35 percent of IS auditors go to MIS after leaving the audit department…."
This study supports a similar trend. Approximately 19 percent (14 out of 75) of the respondents had already left the IS auditing profession for other jobs. In addition, out of the sample of 52 practising IS auditors in this survey, 17 (32.7 percent) have indicated the intention to turn away (with a turnaway score greater than 4.5).
This finding is rather alarming, especially for a job with supposedly promising opportunities ahead. The implication is that organisations may have to expend more resources to re-build an effective IS audit function. The high intention to turn away thus suggests the urgent need to understand and manage the career development problems of IS auditors. Through hierarchical regression tests, Tables II and III show further analysis into the turnaway phenomenon based on the background of IS auditors (controlling for gender, educational level and years of working experience). Apparently, the turnaway problem is more pronounced among IS auditors with prior IT backgrounds. Moreover, the facets driving turnaways between audit- and IT-trained IS auditors also differ. Thus, the management of IS auditors cannot be tackled as a single homogeneous group.
Table II: Hierarchical Regression Tests for Effect of Job Facets on Turnaway Intention for IS Auditors with a Prior Audit Background
|
Performance | ||
|
Model 1 Beta |
Model 2 Beta | |
|
Gender F |
-.38**
|
-.36*
|
Table III: Hierarchical Regression Tests for Effect of Job Facets on
Turnaway Intention for IS Auditors with a Prior IT Background
|
Performance | ||
|
Model 1 Beta |
Model 2 Beta | |
|
Gender F |
-.23
|
-.39*
|
Key Concern #1: Role Ambiguity
Role ambiguity seems to be the issue that affects IS auditors from both IT and audit backgrounds. Most of the IS auditors indicated they are simultaneously responsible for other tasks such as financial audit, operational review, business consulting, programming support or project management. Specific actions that need to be taken by management include a clearer delineation of their roles and reporting lines to reduce the extent of job conflict and uncertainty.
Key Concern #2:
Internal Career Progression On the other hand, an additional breach for IS auditors with prior IT background is the lack of internal career progression. As one focus group participant pointed out, "The top of the career ladder for the IT audit profession is IT audit manager. IT auditors who view themselves as IT audit professionals rather than as IT professionals lose career opportunities because they severely limit their future."
Management should attempt to tackle this issue, for example, by defining a specialist IS auditing career path and clarifying potentials for horizontal progression. Possible career prospects should be broadened to related positions like IT directors, IT specialists, heads of internal audit and other senior management posts.
Where the building of an internal career progression path is not practical, organisations may need to consider alternative options such as developing a system of capturing and retaining IS audit expertise (e.g., through a mentoring process or a system or documenting work routines) or even outsourcing the IS audit function. At the individual level, IS auditors should realise the potential for career progression in IS auditing is more occupational, rather than organisational. Indeed, a review of pay packages above S$120,000 noted all these highly paid managers have changed employers at least three times, suggesting a possible leverage on external mobility for career progression. Hence, continuous upgrading to enhance market mobility is crucial. Personal initiatives like changing the job mix and rotating in and out of IS auditing to other departments may be good ways to pick up a variety of marketable skills.
Key Concern #3: Salary Packages of IS Auditors
Quite unexpectedly, the salary package of IS auditors is not an issue in driving IS auditors to turn away. But rather, it is the difference in pay expectations between the IS auditors from audit and IT background that needs to be managed. The MANCOVA analysis (see Table IV) highlighted the specific dimension where the two groups (audit-trained or IT trained) differ significantly in regards to compensation.
Table IV
MANCOVA: Effects of Prior Background on Perceived Job
Dimension
|
Account/Audit |
IT | ||||
|
Psychological Contract Facet |
Mean 5.02 4.34 4.02 4.34 3.97 4.89 |
S.D. 1.19 1.23 1.11 0.80 1.47 1.29 |
Mean 4.85 4.25 3.58 4.00 3.73 5.06 |
S.D. 1.43 1.55 1.02 1.37 1.61 1.39 |
F 1.12 .31 3.42* 2.62 .25 .06 |
| Test for Overall Psychological Contract
Fulfilment Hotelling's T |
1.26 | ||||
Non-managerial IS auditors are paid in the range between S$40,000 to S$52,000 (median S$47,000) while IS audit managers are paid in the range between S$68,000 to S$120,000 (median S$84,000). Further analysis of the salary packages against a published salary survey of IT professionals shows their compensation still lags behind comparable IT positions (see Table V), possibly explaining why IS auditors from IT backgrounds do expect a higher pay scale. For example, while the non-managerial IS auditors are better paid than the rank and file IT positions like programmers and operators, their annual gross salary is lower relative to comparable positions like system analysts, database administrators and data security specialists. Even for managerial positions, IS auditors are at the lower rank of the pay scale, lagging behind positions like application development managers, network managers, project managers and data centre managers. The findings thus support the general perception that IS auditors are not as well compensated as their IT counterparts.
On the other hand, while formal data from general auditors in Singapore were not readily available for comparison, a closer examination of the survey results showed that the common perception that IS auditors command a significant compensation premium over their general audit counterparts is a myth. Indeed, 40 out of the 52 IS auditors noted their compensation was equal to or even less than that of the general auditors'. Only 12 (23 percent) of the respondents felt they were paid better.
The implication of this finding is twofold: (i) the misconception of a monetary rewarding IS auditing career over traditional audit career should be dispelled as it may misguide potential entrants in making their career choice, and (ii) the low premium over general auditors may not be sufficient to induce more to join the profession, contributing to the persistent shortage of IS auditors in the industry. The basis of compensating IS auditors needs to be re-examined. As long as management continues to tie the pay structure of IS auditors to that of the audit industry, it is hard to see the emergence of a strong force of IS auditors.
Conclusion
Despite the supposedly promising careers of IS audit professionals with the ever increasing business emphasis on IT, this study has revealed rather contradictory evidence. Many organisations have yet to recognise the role of IS auditing as a mainstream profession. With a limited organisational career, the high rate of turnover and turnaway among IS auditors is likely to continue. The direct organisational implication is the increasing need for knowledge management among such turbulence. A system of tapping into external talents and then retaining the IS audit expertise, e.g., through documentation, job rotation or mentoring process should be consciously put in place.
* The author gratefully acknowledges the research access and partial funding of this project from the ISACA Singapore Chapter.
Sia Siew Kien, Ph.D. is an assistant professor with the Strategy and Information Systems Division at Nanyang Technological University. His research interests and teaching focus at the undergraduate and MBA level are in information systems auditing and business process reengineering. He has worked on consultancy projects and has made various conference presentations in his areas of research, e.g., TACS. His papers have been published in local and international journals. Prior to joining the University, he was an auditor in an international accounting firm. His experience was largely in financial audits, operational reviews and computer security evaluations. Siew Kien has served on the Research Board and the Academic Relations Board of the Information Systems Audit and Control Association (ISACA).
Articles | Journal Home | Home